Package org.refcodes.security.ext.spring
Class TextDecrypterBean
java.lang.Object
org.refcodes.security.ext.spring.TextDecrypterBean
- All Implemented Interfaces:
org.springframework.beans.factory.FactoryBean<String>
public class TextDecrypterBean
extends Object
implements org.springframework.beans.factory.FactoryBean<String>
The sole purpose of the bean is not to store any passwords in clear text in a
text file. It decrypts any encrypted passwords with a hard coded secret
(which is depended on the current application and the host this application
is processed on and may be acquired by accessing and manipulating alongside
executing the application on the host or heuristically simulating the
application with metrics gathered from the host). This means that any hacker
having access to the host and decompiling the code will be able to gain
knowledge on how to create plain text from the encrypted passwords in a
configuration file. Additional measures have to be undertaken in order to
restrict access to the program codes or configuration files by any intruder.
The password itself is stored as a byte array, so it is not stored as clear
text in the class files neither. Any further obfuscation has not been
approached as in the end it will not provide any further security due to the
fact that the password must be accessible somehow and automatically be
decryptable by program code.
ATTENTION: This bean just provides support for not storing any passwords in clear text!
-
Field Summary
Fields inherited from interface org.springframework.beans.factory.FactoryBean
OBJECT_TYPE_ATTRIBUTE
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionClass<?>
boolean
void
setEncryptedText
(String aEncryptedText) Sets the encrypted string to be decrypted and passed the the consuming bean.static String
toEncryptedText
(String aText) Helper method to encrypt a string which can be used in a configuration file.
-
Constructor Details
-
TextDecrypterBean
public TextDecrypterBean()
-
-
Method Details
-
setEncryptedText
Sets the encrypted string to be decrypted and passed the the consuming bean.- Parameters:
aEncryptedText
- the encrypted string to be decrypted.
-
getObject
- Specified by:
getObject
in interfaceorg.springframework.beans.factory.FactoryBean<String>
-
getObjectType
- Specified by:
getObjectType
in interfaceorg.springframework.beans.factory.FactoryBean<String>
-
isSingleton
public boolean isSingleton()- Specified by:
isSingleton
in interfaceorg.springframework.beans.factory.FactoryBean<String>
-
toEncryptedText
Helper method to encrypt a string which can be used in a configuration file.- Parameters:
aText
- the text string to be encrypted.- Returns:
- the string
-